Beware of smart contract vulnerabilities: the "air coins" on the blockchain

Published 2018-07-13



Background



Blockchain is one of the most revolutionary emerging technologies of recent years; its decentralization and tamper resistance have upended the established rules of finance and many other industries. Blockchain has now entered its 3.0 stage, and "token contracts", the most widely used class of blockchain smart contracts, have also become a prime target for attackers.


Because the security-first principle was neglected while the technology was being developed, many of these technologies carry a large number of security problems. Like traditional programs, token contracts cannot avoid having security vulnerabilities. An attacker who exploits such a vulnerability can manipulate at will the total supply of a token on the market, or the balance of any account, so that a currency with no anchor to begin with loses all credibility and becomes an "air coin".




Smart contract auditing



ADLab has followed blockchain security issues closely in recent years; by studying smart contracts on the Ethereum main chain [1], it has found more than 400 CVE vulnerabilities.


Smart contract vulnerabilities can have many severe consequences. Drawing on real-world security incidents and on vulnerabilities it discovered itself, ADLab analyzes three categories of them below.


Reentrancy vulnerabilities


In June 2016, the DAO attack left a heavy mark on blockchain history: hackers exploited a reentrancy vulnerability and directly caused Ethereum's hard fork. ADLab's research found that reentrancy vulnerabilities still exist in Ethereum smart contracts. The BANK_SAFE contract is used below as an example.


● Vulnerability example


The BANK_SAFE contract contains a textbook reentrancy vulnerability. When an ordinary user account calls the Collect function, the logic of Collect works without any problem and the user can withdraw normally; but when another smart contract calls BANK_SAFE's Collect function, a serious security risk arises.

 



● Mitigation techniques [2]


1. Use the built-in transfer() function to send funds. Because transfer() forwards only 2300 gas, that is not enough for recursive calls between contracts.


2. Code in the checks-effects-interactions pattern. In the BANK_SAFE contract, the balance deduction on line [49] should be moved before line [47].


3. Introduce a mutex. Add a state variable that locks the contract to prevent reentrant calls.
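As an added illustration (not the BANK_SAFE listing from the original, which survives here only as a screenshot), the vulnerable withdrawal pattern described above beside a version that applies the three mitigations; written for the Solidity 0.4.x compilers of the time, with the contract names, Deposit and the modifier name as assumptions.

```solidity
pragma solidity ^0.4.24;

// Vulnerable pattern (as described for BANK_SAFE's Collect): the external
// call happens BEFORE the balance is reduced, so a contract recipient whose
// fallback calls Collect again is paid repeatedly from the same balance.
contract BankUnsafe {
    mapping(address => uint256) public balances;

    function Deposit() public payable { balances[msg.sender] += msg.value; }

    function Collect(uint256 _am) public {
        if (balances[msg.sender] >= _am) {
            // interaction first: call.value forwards all remaining gas
            if (msg.sender.call.value(_am)()) {
                balances[msg.sender] -= _am;   // effect last: too late
            }
        }
    }
}

// Hardened version applying the three mitigations listed above.
contract BankSafe {
    mapping(address => uint256) public balances;
    bool private locked;                         // 3. mutex state variable

    modifier noReentrancy() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function Deposit() public payable { balances[msg.sender] += msg.value; }

    function Collect(uint256 _am) public noReentrancy {
        require(balances[msg.sender] >= _am, "insufficient balance"); // check
        balances[msg.sender] -= _am;                                  // effect
        msg.sender.transfer(_am);                                     // interaction
        // 1. transfer() forwards only 2300 gas and reverts on failure, so the
        //    recipient's fallback cannot call back into this contract.
        // 2. checks-effects-interactions: the balance is reduced before the call.
    }
}
```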


Over-minting


In early February 2018, the price of the Ethereum-based Monero Gold (XMRG) token on exchanges first surged 787% and then crashed, causing heavy financial losses for many users. Behind it, the project team used a deliberately reserved integer overflow bug to mint excess tokens and dumped them on exchanges, causing runaway inflation until the price fell almost to zero. Using automated audit tools, ADLab found that a large number of smart contracts still contain the same class of vulnerability. The Genesis Vision contract is used below as an example.


● Vulnerability example: CVE-2018-11335


Although the Genesis Vision smart contract imports OpenZeppelin's SafeMath library, its token issuance function mint() does not use the safe arithmetic functions but the raw arithmetic operators. If the input parameter value is carefully crafted, an integer overflow occurs on line [188]; the wrapped result is smaller than TOKEN_LIMIT, so the issuance cap is bypassed, excess tokens are minted, and the end result is runaway inflation. Executing a mint function of this kind usually requires administrator privileges, so it can be regarded as a backdoor vulnerability.

 



● Mitigation techniques


Do not use raw arithmetic operators; use the SafeMath library [3].


Batch transfers


In April 2018, hackers exploited a vulnerability in the BEC smart contract to attack BeautyChain's (美链) BEC (美蜜币) token, successfully transferring an astronomical amount of BEC to two addresses; the huge volume of BEC dumped drove its price almost to zero that day, and 6.4 billion RMB evaporated in an instant. In July 2018, a vulnerability in the AMR contract was maliciously exploited by hackers, leading to a large unauthorized issuance of AMR. Both attacks were caused by an integer overflow bug in a batch transfer function, and ADLab's research found that the smart contracts in the table below still contain the same class of vulnerability.



   

● Vulnerability example: CVE-2018-13836


The multiTransfer function in the Rocket Coin (XRC) contract has an integer overflow bug. Because the function is public, any user can call it to perform batch token transfers without administrator privileges.

 



The Token Holders list of the Rocket Coin token shows traces of the successful attack.

 



The transaction record of the attack can be viewed on etherscan.io:


https://etherscan.io/tx/0x606316fc06922ae34e6be865e64b23598d74a5e94712447dca37a7ac4c8b30a8#decodetab


The Input Data shows that the attacker carefully crafted the _amounts array: it contains two elements, both extremely large values, so that an integer overflow occurs when execution reaches line [72]. As a result the attacker spent only a tiny amount of tokens yet carried out large batch transfers.




● Mitigation measures


Do not use raw arithmetic operators; use the SafeMath library [3].




Summary



ÓÉÓÚÖÇÄܺÏÔ¼ÊÇÒ»´ÎÐÔ°ä²¼ÉÏÁ´µÄ £¬Ò»µ©³öÏÖ·ì϶½«ÄÑÒÔÖ±½Ó½¨²¹¡£


For developers, the only remedy after a vulnerability is found is to deploy a new smart contract and then migrate state manually, at great cost in time, manpower and money.


For investors, a vulnerability in a smart contract is very likely to turn the corresponding token into an "air coin", causing even more direct financial losses.

 

A friendly reminder:


1. Blockchain is an emerging technology; more attention must be paid to building security audit and regulatory capacity for it.

2. Speculating on tokens is risky; be cautious when entering the market, understand market conditions, and refuse to be a "chive" (easy prey).

3. Respect national laws and regulations, invest sensibly, and manage your finances healthily.

 



Reference links


[1] https://etherscan.io/contractsVerified

[2] https://blog.sigmaprime.io/solidity-security.html

[3] https://github.com/OpenZeppelin/zeppelin-solidity

